CVE-2025-3200
CRITICALWiesemann & Theis Com-Server++ < 1.60 - Unauthenticated TLS Interception via TLS 1.0/1.1
Title source: llmDescription
An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connected systems.
References (1)
Core 1
Core References
Various Sources
https://certvde.com/en/advisories/VDE-2025-031/
Scores
CVSS v3
9.1
EPSS
0.0031
EPSS Percentile
22.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-327
Status
published
Products (5)
Wiesemann & Theis/Com-Server 20mA
0.0.0 - 1.60
Wiesemann & Theis/Com-Server OEM
0.0.0 - 1.60
Wiesemann & Theis/Com-Server PoE 3x Isolated
0.0.0 - 1.60
Wiesemann & Theis/Com-Server UL
0.0.0 - 1.60
Wiesemann & Theis/Com-Server++
0.0.0 - 1.60
Published
Apr 28, 2025
Tracked Since
Feb 18, 2026